Privacy Policy

Introduction

This Privacy Policy explains how Catering Services International (a division of Grafters Group Ltd) collects, uses, and protects your personal data when you interact with us, whether via our website, directly, or through third parties.

We are committed to ensuring that your personal data is handled in accordance with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Controller

The Data Controller responsible for your personal data is Grafters Group Limited.

Registered address - Kingston House, Pierrepont Street, Bath, BA1 1LA.  Company Reg number 3180316  Email: GDPR@catserv.co.uk

What Personal Data We Collect

We may collect and process the following categories of personal data:

Identity and Contact Data

  • Name
  • Address
  • Email address
  • Telephone number
  • Date of birth

Recruitment and Employment Data

  • CVs & employment history
  • Qualifications & training records
  • References
  • Right to work documentation

 

Special Category Data (where applicable)

  • Health information
  • Racial or ethnic origin
  • Criminal record information (where required for roles)

Financial Data

  • Bank details
  • National Insurance number
  • Payroll information

Technical Data

  • IP address
  • Website usage data (via cookies)

 

How We Collect Your Data

We collect personal data through:

  • Job applications (via website, job boards or directly)
  • Registration with our services
  • Telephone or email communication
  • Referrals from third parties
  • Social media interactions
  • Website usage (cookies)

Lawful Basis for Processing

We process your personal data under the following lawful basis:

Purpose

Lawful Basis
  • Providing recruitment services
  • Contract / pre-contract
  • Payroll & legal compliance
  • Legal obligation
  • Candidate matching & placement
  • Legitimate interests
  • Marketing communications
  • Consent
  • Right to work checks
  
  • Vetting & suitability checks
  

 

Special Category Data

We process sensitive data only where necessary and permitted by law, including; employment law obligations; equality monitoring; establishing, exercising, or defending legal claims.

 

How We Use Your Personal Data

We use your data to:

  • Match you with suitable job opportunities
  • Submit your details to potential employers
  • Manage placements, payroll, and timesheets
  • Conduct compliance and right-to-work checks
  • Communicate with you regarding roles & services
  • Improve our services & website
  • Send marketing communications (where consent is provided)

Sharing Your Data

We may share your data with:

  • Clients (for recruitment purposes)
  • Payroll & IT service providers
  • Background checking & vetting providers
  • Professional advisors (legal, accounting)
  • Regulators & law enforcement where required

All third parties are contractually required to protect your data.

International Data Transfers

Where your data is transferred outside the UK, we ensure appropriate safeguards are in place, such as:

  • UK adequacy regulations
  • International Data Transfer Agreements (IDTAs)
  • Standard contractual clauses

Data Retention

We retain your personal data only as long as necessary:

  • Candidate data (unsuccessful): to 12 months
  • Placement/employment records: to 6 years
  • Payroll & tax records: to 6 years (HMRC requirement)
  • Right to work documentation: duration of employment + 2 years

Data may be retained longer where legally required.

Data Security

We implement appropriate technical and organisational measures to protect your data, including:

  • Secure systems & encryption
  • Access controls
  • Regular security reviews

While we take all reasonable steps, data transmission over the internet cannot be guaranteed as completely secure.

Your Rights

Under UK GDPR, you have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request deletion (where applicable)
  • Restrict processing
  • Object to processing
  • Data portability
  • Withdraw consent at any time (for marketing)

 

To exercise your rights - GDPR@catserv.co.uk  

Marketing

We will only send marketing communications where:

  • You have given consent, or
  • We have a legitimate interest and are permitted to do so

You can opt out at any time using the unsubscribe link or by contacting us.

Automated Decision-Making

We do not carry out automated decision-making that produces legal or similarly significant effects without human involvement.

Complaints

If you are unhappy with how we handle your data, you can contact us directly.  You also have the right to lodge a complaint with the UK supervisory authority:  Information Commissioner’s Office (ICO)  Website: https://ico.org.uk

Updates to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on our website.